Privacy Policy

Last updated: 23/01/2026

1. Data Controller

The data controller responsible for your personal data is:

Company: Kern IT

Company Number: BE0845906217

Address: Rue Belliard 2A, 1040 Bruxelles, Belgium

Email: privacy@kernit.be

2. Legal Basis for Processing

We process your personal data on the following legal bases under the General Data Protection Regulation (GDPR):

  • Contract Performance: Processing necessary to provide our services and fulfill our contractual obligations to you.
  • Legitimate Interest: Processing necessary for our legitimate business interests, such as improving our services, security, and fraud prevention.
  • Legal Obligation: Processing necessary to comply with legal obligations, including accounting and tax requirements.
  • Consent: For marketing communications and optional features, we process data based on your explicit consent.

3. Personal Data We Collect

We collect and process the following categories of personal data:

Account Information

Email address, username, first name, last name, profile picture, language preferences, and account settings.

Location Information

Geographic location data when you interact with location-based features, visit locations, and participate in location chat rooms.

Usage Data

Login history, last activity, features used, IP addresses, browser type, device information, and access times.

Communications

Messages sent through location chat rooms, support requests, and other communications with us or through our platform.

Technical Data

Cookies, log files, session data, and technical identifiers necessary for security and platform functionality.

4. How We Use Your Personal Data

We use your personal data for the following purposes:

  • Provide and maintain our location-based chat platform
  • Process your registration and manage your account
  • Authenticate users through passwordless magic link authentication
  • Enable location-based features and real-time messaging
  • Provide customer support and respond to inquiries
  • Improve and optimize our services
  • Ensure platform security and prevent fraud
  • Comply with legal obligations and enforce our terms
  • Send service-related notifications (e.g., magic links, account updates)
  • Send marketing communications (only with your consent)

5. Data Sharing and Disclosure

We do not sell your personal data. We may share your data with:

Service Providers

Third-party service providers who assist us with hosting, email delivery, and analytics. These providers are contractually bound to protect your data.

Legal Authorities

When required by law, court order, or to protect our rights, property, or safety.

Business Transfers

In the event of a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity.

6. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this policy:

  • Active Accounts: Account data is retained while your account is active and for a reasonable period thereafter.
  • Legal Obligations: Financial and transaction data is retained for 7 years as required by Belgian accounting and tax law.
  • Deleted Accounts: Upon account deletion, personal data is anonymized or deleted within 90 days, except where retention is required by law.

7. Your Rights Under GDPR

Under the GDPR and Belgian data protection law, you have the following rights:

  • Right of Access: Request a copy of the personal data we hold about you
  • Right to Rectification: Request correction of inaccurate or incomplete data
  • Right to Erasure ('Right to be Forgotten'): Request deletion of your personal data
  • Right to Restriction: Request that we limit how we use your data
  • Right to Data Portability: Request your data in a machine-readable format
  • Right to Object: Object to processing based on legitimate interests or for direct marketing
  • Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent
  • Right to Lodge a Complaint: File a complaint with the Belgian Data Protection Authority

To exercise your rights, please contact us at privacy@kernit.be. We will respond to your request within 30 days.

8. Data Security

We implement appropriate technical and organizational measures to protect your personal data:

  • Encryption of data in transit (TLS/SSL) and at rest
  • Passwordless authentication using secure magic links
  • Regular security audits and vulnerability assessments
  • Access controls and authentication mechanisms
  • Regular backups and disaster recovery procedures

However, no method of transmission over the Internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

9. Cookies and Tracking Technologies

We use essential cookies and similar technologies to:

  • Maintain your login session and authentication
  • Remember your preferences (language, theme)
  • Ensure platform security and prevent fraud
  • Analyze platform performance (with your consent)

You can control cookies through your browser settings. However, disabling essential cookies may affect platform functionality.

10. Belgian Data Protection Authority

If you have concerns about how we handle your personal data, you have the right to lodge a complaint with the Belgian Data Protection Authority:

Authority: Autorité de protection des données (APD) / Gegevensbeschermingsautoriteit (GBA)

Address: Rue de la Presse 35, 1000 Brussels, Belgium

Phone: +32 2 274 48 00

Email: contact@apd-gba.be

Website: www.dataprotectionauthority.be

11. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

Email: privacy@kernit.be

Mail: Kern IT, Rue Belliard 2A, 1040 Bruxelles, Belgium

This Privacy Policy is governed by Belgian law and the General Data Protection Regulation (GDPR).